From 1f1fe23f50ce49649f7107b4dfc7f7c9db85294b Mon Sep 17 00:00:00 2001 From: Flynn Bundy Date: Mon, 20 Jan 2020 08:50:31 +0100 Subject: [PATCH] 3.0.1 (#212) --- .../adf-build/organization_policy.py | 12 ++++---- .../adf-build/shared/python/organizations.py | 30 +++++++++++-------- src/template.yml | 20 ++++++------- 3 files changed, 34 insertions(+), 28 deletions(-) diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/organization_policy.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/organization_policy.py index 9c98a9b20..fb01b61f2 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/organization_policy.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/organization_policy.py @@ -19,10 +19,11 @@ def __init__(self): @staticmethod def _find_all(policy): - return [ + _files = [ p for p in glob.iglob( - './**/{0}.json'.format(policy), + './adf-bootstrap/**/{0}.json'.format(policy), recursive=True)] + return [f.replace('./adf-bootstrap', '.') for f in _files] def _compare_ordered_policy(self, obj): if isinstance(obj, dict): @@ -35,12 +36,11 @@ def _compare_ordered_policy(self, obj): @staticmethod def _trim_scp_file_name(policy): - return policy[15:][:-8] if policy[15:][:-8] == '/' else policy[16:][:-9] + return policy[1:][:-8] if policy[1:][:-8] == '/' else policy[2:][:-9] @staticmethod def _trim_tagging_policy_file_name(policy): - return policy[15:][:-19] if policy[15:][:- \ - 19] == '/' else policy[16:][:-20] + return policy[1:][:-19] if policy[1:][:-19] == '/' else policy[2:][:-20] @staticmethod def set_scp_attachment( 
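Review bot: In `_find_all` (organization_policy.py), `f.replace('./adf-bootstrap', '.')` rewrites every occurrence of that substring rather than only the leading directory. Both the glob and the rewrite also assume the process runs from the directory that contains `adf-bootstrap`. Limiting the rewrite to the prefix keeps the OU path derived from each file unambiguous: `return [f.replace('./adf-bootstrap', '.', 1) for f in _files]`. The comprehension `[p for p in glob.iglob(...)]` only copies the iterator, so `glob.glob(..., recursive=True)` would read more directly. A one-line docstring saying the returned paths are relative to `adf-bootstrap` would help, since `get_policy_body` in organizations.py appears to re-add that prefix.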
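Review bot: The slice offsets in `_trim_scp_file_name` and `_trim_tagging_policy_file_name` are undocumented magic numbers that depend on the exact path shape `_find_all` returns. From the visible lines, 1 and 2 strip the leading `.` or `./`, while 8/9 and 19/20 appear to be the lengths of `scp.json` and `tagging-policy.json` without and with the separator. A comment on each helper, such as `# policy looks like './<ou path>/scp.json'; returns '/' for the root file, else '<ou path>'`, would make that coupling explicit, because a wrong offset changes which OU a policy is mapped to. `set_scp_attachment` starts on the last line of this hunk and continues outside it.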
@@ -163,7 +163,7 @@ def apply(self, organizations, parameter_store, config): # pylint: disable=R091 policy_id, organization_mapping[path]) except organizations.client.exceptions.DuplicatePolicyException: LOGGER.info( - 'Policy (%s) for %s already exists but was not attached, attaching.', + 'Policy (%s) for %s exists ensuring attached.', policy, organization_mapping[path]) policy_id = organizations.list_policies( diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py index 72d6cff1f..4d971496c 100644 --- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py +++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/organizations.py @@ -71,17 +71,20 @@ def update_policy(self, content, policy_id): ) def create_policy(self, content, ou_path, policy_type="SERVICE_CONTROL_POLICY"): - response = self.client.create_policy( - Content=content, - Description='ADF Managed {0}'.format(policy_type), - Name='adf-{0}-{1}'.format('scp' if policy_type == "SERVICE_CONTROL_POLICY" else 'tagging-policy', ou_path), - Type=policy_type - ) - return response['Policy']['PolicySummary']['Id'] + try: + response = self.client.create_policy( + Content=content, + Description='ADF Managed {0}'.format(policy_type), + Name='adf-{0}-{1}'.format('scp' if policy_type == "SERVICE_CONTROL_POLICY" else 'tagging-policy', ou_path), + Type=policy_type + ) + return response['Policy']['PolicySummary']['Id'] + except self.client.exceptions.DuplicatePolicyAttachmentException: + pass @staticmethod def get_policy_body(path): - with open(path, 'r') as policy: + with open('./adf-bootstrap/{0}'.format(path), 'r') as policy: return json.dumps(json.load(policy)) def list_policies(self, name, policy_type="SERVICE_CONTROL_POLICY"): 
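Review bot: The new `except` in `create_policy` (organizations.py) names `DuplicatePolicyAttachmentException`, which is the attach-side error. The caller in organization_policy.py's `apply` (the `@@ -163` hunk) still handles `DuplicatePolicyException` for the already-exists case, so this handler is probably never reached. If it were reached, `pass` would make `create_policy` return `None` and the caller would carry a `None` policy id forward. I would drop the `try`/`except` here so the method either returns an id or raises, leaving the duplicate handling in `apply`. Separately, `get_policy_body` now builds `'./adf-bootstrap/{0}'.format(path)` relative to the working directory; a short docstring saying `path` is relative to `adf-bootstrap` would document that contract.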
@@ -108,10 +111,13 @@ def describe_policy(self, policy_id): return response.get('Policy') def attach_policy(self, policy_id, target_id): - self.client.attach_policy( - PolicyId=policy_id, - TargetId=target_id - ) + try: + self.client.attach_policy( + PolicyId=policy_id, + TargetId=target_id + ) + except self.client.exceptions.DuplicatePolicyAttachmentException: + pass def detach_policy(self, policy_id, target_id): self.client.detach_policy( diff --git a/src/template.yml b/src/template.yml index 0ed2a6357..cb64d9391 100644 --- a/src/template.yml +++ b/src/template.yml @@ -14,7 +14,7 @@ Metadata: ReadmeUrl: ../docs/serverless-application-repo.md Labels: ['adf', 'aws-deployment-framework', 'multi-account', 'cicd', 'devops'] HomePageUrl: https://github.com/awslabs/aws-deployment-framework - SemanticVersion: 3.0.0 + SemanticVersion: 3.0.1 SourceCodeUrl: https://github.com/awslabs/aws-deployment-framework Parameters: CrossAccountAccessRoleName: @@ -172,7 +172,7 @@ Resources: TERMINATION_PROTECTION: false MASTER_ACCOUNT_ID: !Ref AWS::AccountId ORGANIZATION_ID: !GetAtt Organization.OrganizationId - ADF_VERSION: 3.0.0 + ADF_VERSION: 3.0.1 ADF_LOG_LEVEL: INFO FunctionName: StackWaiter Role: !GetAtt LambdaRole.Arn @@ -193,7 +193,7 @@ Resources: DEPLOYMENT_ACCOUNT_BUCKET: !GetAtt SharedModulesBucketName.Value MASTER_ACCOUNT_ID: !Ref AWS::AccountId ORGANIZATION_ID: !GetAtt Organization.OrganizationId - ADF_VERSION: 3.0.0 + ADF_VERSION: 3.0.1 ADF_LOG_LEVEL: INFO FunctionName: DetermineEventFunction Role: !GetAtt LambdaRole.Arn @@ -214,7 +214,7 @@ Resources: DEPLOYMENT_ACCOUNT_BUCKET: !GetAtt SharedModulesBucketName.Value MASTER_ACCOUNT_ID: !Ref AWS::AccountId ORGANIZATION_ID: !GetAtt Organization.OrganizationId - ADF_VERSION: 3.0.0 + ADF_VERSION: 3.0.1 ADF_LOG_LEVEL: INFO FunctionName: CrossAccountExecuteFunction Role: !GetAtt LambdaRole.Arn 
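Review bot: `attach_policy` in organizations.py now discards `DuplicatePolicyAttachmentException` with a bare `pass`, so a run leaves no record of which policy/target pairs were already attached. For SCP and tagging-policy management that record is useful when auditing what a run changed. A debug-level log line in the handler naming `policy_id` and `target_id` would cover it, assuming this module has a logger like the `LOGGER` used in organization_policy.py. A comment such as `# already attached: treat attach as idempotent` would also state the intent. `detach_policy` begins at the end of this hunk and continues outside it.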
@@ -233,7 +233,7 @@ Resources: S3_BUCKET_NAME: !Ref BootstrapTemplatesBucket TERMINATION_PROTECTION: false MASTER_ACCOUNT_ID: !Ref AWS::AccountId - ADF_VERSION: 3.0.0 + ADF_VERSION: 3.0.1 ADF_LOG_LEVEL: INFO FunctionName: RoleStackDeploymentFunction Role: !GetAtt LambdaRole.Arn @@ -252,7 +252,7 @@ Resources: S3_BUCKET_NAME: !Ref BootstrapTemplatesBucket TERMINATION_PROTECTION: false MASTER_ACCOUNT_ID: !Ref AWS::AccountId - ADF_VERSION: 3.0.0 + ADF_VERSION: 3.0.1 ADF_LOG_LEVEL: INFO FunctionName: MovedToRootActionFunction Role: !GetAtt LambdaRole.Arn @@ -271,7 +271,7 @@ Resources: S3_BUCKET_NAME: !Ref BootstrapTemplatesBucket TERMINATION_PROTECTION: false MASTER_ACCOUNT_ID: !Ref AWS::AccountId - ADF_VERSION: 3.0.0 + ADF_VERSION: 3.0.1 ADF_LOG_LEVEL: INFO FunctionName: UpdateResourcePoliciesFunction Role: !GetAtt LambdaRole.Arn @@ -449,7 +449,7 @@ Resources: Image: "aws/codebuild/standard:2.0" EnvironmentVariables: - Name: ADF_VERSION - Value: 3.0.0 + Value: 3.0.1 - Name: TERMINATION_PROTECTION Value: false - Name: PYTHONPATH @@ -714,7 +714,7 @@ Resources: Type: Custom::InitialCommit Properties: ServiceToken: !GetAtt InitialCommitHandler.Arn - Version: 3.0.0 + Version: 3.0.1 RepositoryArn: !GetAtt CodeCommitRepository.Arn DirectoryName: bootstrap_repository ExistingAccountId: !Ref DeploymentAccountId @@ -935,7 +935,7 @@ Resources: Id: adf-codepipeline-trigger-bootstrap Outputs: ADFVersionNumber: - Value: 3.0.0 + Value: 3.0.1 Export: Name: "ADFVersionNumber" LayerArn: